NIS+ linux box root getting root master ???

Mauricio Brigato mauricio at bit.fmrp.usp.br
Tue Sep 10 00:53:14 EST 2002


Thanks to everyone who answered, especially
Richard Dawe and Darrel Hankerson.
But I'm still listening for suggestions.
Thanks to all.

-------------------------------------------------------------
      Mauricio Brigato
      System Administrator - BIT - BioInformatic Team
      Fundação Hemocentro de Ribeirão Preto
      Phone: +55 16 3963-9300    Fax: +55 16 3963-9309
      E-mail: mauricio at bit.fmrp.usp.br
      Homepage: http://bit.fmrp.usp.br/
-------------------------------------------------------------

---------- Original Message -----------
From: Darrel Hankerson <hankedr at dms.auburn.edu>
To: mauricio at gordon.fmrp.usp.br
Sent: Mon, 9 Sep 2002 09:28:49 -0500
Subject: Re: NIS+ linux box root getting root master ???

> "Mauricio Brigato" <mauricio at gordon.fmrp.usp.br> writes:
> 
>    - I have a NIS+ server SUN. This is the main server of my net.
>      (NFS, web, etc.)
>    - I have 6 linux box (Red Hat 7.1/7.2/7.3, Slackware 8.1) and
>      4 Sun clients of NIS+, but servers.
> 
>    If I log as root on a linux box, and make a su - <user-of-home-NIS+>
>    I got ok.
>    But, how I block these user ?
>    I don't want that my user on a linux box have access to all others
>    users from my domain!
> 
> If you don't trust root on the client machine, then you cannot export
> via ordinary NFS.
> 
> Solaris has secure-NFS (which is easy to use once NIS+ is configured),
> which gives limited protection.  (At least root doesn't get immediate
> access to ordinary user files from the NFS server, since a keylogin 
> is required.)  Linux does not have secure-NFS.
> 
> As a practical solution, perhaps you can separate the home 
> directories and only export some to the untrusted machines.  This 
> assumes that you have some confidence in root on the client.
> 
> --Darrel Hankerson hankedr at auburn.edu
> 
>    ---------- Original Message -----------
>    From: Darrel Hankerson <hankedr at dms.auburn.edu>
>    To: mauricio at gordon.fmrp.usp.br
>    Sent: Mon, 9 Sep 2002 08:50:47 -0500
>    Subject: Re: NIS+ linux box root getting root master ???
> 
>    > > > I don't know why, every linux box which I put
>    > > > on NIS+ got the privileges of root master with
>    > > > linux box root login, via su - <user-of-home-nis+>.
>    >
>    > Depending on what you mean, this is expected.  There is no keylogin,
>    > so anything that requires credentials fails.  But you will get access
>    > to ordinary user files this way.
>    >
>    > --Darrel Hankerson hankedr at auburn.edu
>    ------- End of Original Message -------
> 
>    mauricio at bit.fmrp.usp.br
------- End of Original Message -------

mauricio at bit.fmrp.usp.br
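
An added example, not part of the original thread: a small audit of which shares the clients whose root is not trusted can reach with ordinary NFS, which is the check behind the advice to export only some home directories to those machines. It assumes the server's exports live in a Solaris `/etc/dfs/dfstab`; the sample entries, host names and paths are constructed, and only plain host lists are handled (no netgroups or negated entries).

```python
import shlex

# Constructed sample of a Solaris /etc/dfs/dfstab; hosts and paths are made up.
SAMPLE_DFSTAB = """\
# home directories
share -F nfs -o rw /export/home
share -F nfs -o rw=sun1:sun2,root=sun1 /export/home/staff
share -F nfs -o rw=linux1:linux2 -d "lab homes" /export/home/lab
share -F nfs -o sec=dh,rw /export/home/secure
"""

def parse_share(line):
    """Return (path, options dict) for a 'share' line, or None for other lines."""
    words = shlex.split(line, comments=True)
    if not words or words[0] != "share":
        return None
    opts = {}
    if "-o" in words:
        for item in words[words.index("-o") + 1].split(","):
            key, _, value = item.partition("=")
            opts[key] = value.split(":") if value else []
    return words[-1], opts

def exposed_shares(dfstab_text, untrusted_hosts):
    """List (path, host) pairs where an untrusted client gets AUTH_SYS access."""
    findings = []
    for line in dfstab_text.splitlines():
        parsed = parse_share(line)
        if parsed is None:
            continue
        path, opts = parsed
        # Without sec=, the share uses AUTH_SYS: the server believes the UID the client sends.
        if "sys" not in opts.get("sec", ["sys"]):
            continue  # e.g. sec=dh (secure NFS), where a keylogin is required
        for host in untrusted_hosts:
            for mode in ("rw", "ro"):
                # An empty list (bare rw/ro) means every client is allowed.
                if mode in opts and (not opts[mode] or host in opts[mode]):
                    findings.append((path, host))
                    break
            else:
                if "rw" not in opts and "ro" not in opts:
                    findings.append((path, host))  # no access option: rw to all
    return findings

if __name__ == "__main__":
    for path, host in exposed_shares(SAMPLE_DFSTAB, ["linux1", "linux2"]):
        print(f"root on {host} can reach {path} as any UID")
```
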